On 10/2/07, Al <[EMAIL PROTECTED]> wrote:
> I didn't mean that the function was foolproof, only the match function itself.
Understood. :-)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I didn't mean that the function was foolproof, only the match function itself.
However, your suggestion to add the line start is simple and effective.
Andrew Ballard wrote:
I'd suggest the following *slight* enhancement to make sure that the
HTTP_REFERER actually *begins* with the site name, no
Thanks for the info. I've modified the script to reflect that. I
actually ended up reversing it, and so I used !== 0 which should work
just the same.
All this is a minor portion of a much larger security scheme for an
intranet site (which is protected by an LDAP server), where I am just
t
I'd suggest the following *slight* enhancement to make sure that the
HTTP_REFERER actually *begins* with the site name, not simply contains
it.
// prevents visits from pages like
http://badsite.com/form.htm?http://www.wnc.edu
if (strpos($referer, $site) === 0)
{
echo 'yes';
}
(or, if you like
Frankly, I use preg_match() for this type of thing. It's simpler and foolproof.
The difference in speed is negligible.
Kevin Murphy wrote:
Overly simplified version of my code.
$site = "http://www.wnc.edu";;
$referer = $_SERVER["HTTP_REFERER"];
echo $referer;// the output is correct
5 matches
Mail list logo
